CVE-2013-0132

Publication date

2013-04-18 18:00:00

Family

certcc

State

PUBLISHED

Description

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables.